From: Lowell Gilbert
To: freebsd-chat@FreeBSD.ORG
Subject: Re: Code 'auditing' (was Re: code density vs readability)
Date: 10 Oct 2001 12:02:08 -0400
In-Reply-To: Paul Robinson's message of "Wed, 10 Oct 2001 14:35:20 +0100"
Message-ID: <44adyzeb5r.fsf@lowellg.ne.mediaone.net>

Paul Robinson writes:

> On Oct 10, Lowell Gilbert wrote:
>
> > > There was at one time a hole in emacs that would let you write system files.
> > > This was about 8 or 9 years ago I believe.
> >
> > Impossible. emacs runs with user privileges, so no hole in it could
> > have any effect like this.
>
> It's improbable, not impossible. Nothing is impossible when it comes to
> security. Just very unlikely. As for emacs running with user privileges,
> well... we were originally talking about running emacs as root. Go figure.

It may not be impossible that you could have a security problem where
emacs would let you write files you shouldn't be able to, but that
would be a security hole in the operating system, not in emacs.

And, yes, we *were* originally talking about running emacs as root, and
I addressed that point separately, but in my personal opinion, it is
not a bug for emacs to allow the editing of system files if the user
running emacs is, in fact, root. Call me funny that way.

> > The original concern, about whether emacs could have malicious code
> > shipped with it, is more realistic. I think it's not worth worrying
> > about, because there really are more eyes on the code, on a more
> > regular basis, than the original poster realized.
>
> Ahhh - the 'more eyes are a good thing argument' - one of my favourite
> arguments about security of open source code. You see, the problem is, it's
> not actually relevant.

I had specific pairs of eyes in mind. Some of them could be considered
to be conducting formal audits. I do, however, agree with your point
that sheer numbers of eyes are not especially helpful. The original
poster made a related, but slightly different point, which is that the
number of people who *really* tried to look at some pieces of the emacs
code may be quite small anyway.

> It's not just PGP either - every piece of software you run, you assume to be
> security hole free because with your argument 'there are enough eyes looking
> at it for me' - not a very security conscious stance.

Source to which I have access is better than source I don't, for a
variety of reasons, of which "number of eyes" is a real, but not very
important one. All other aspects that contribute to security are
orthogonal to whether the source is open or not, and my best evidence
is that much open software today actually does fairly well on such
things.

- Lowell